Important note: Some media coverage on this topic falsely or inaccurately depicts the attack conditions. To be clear: Any vulnerable device can be compromised if the attacker is in Bluetooth range. That is the only precondition.
During our research on Bluetooth headphones and earbuds, we identified several vulnerabilities in devices that incorporate Airoha Systems on a Chip (SoCs). In this blog post, we briefly want to describe the vulnerabilities, point out their impact and provide some context to currently running patch delivery processes as described at this year’s TROOPERS Conference.
Windows Hello for Business is a key component of Microsoft’s passwordless authentication strategy. It enables user authentication not only during system sign-in but also in conjunction with new and advanced features such as Personal Data Encryption, Administrator Protection, and Recall. Rather than depending on traditional passwords, Windows Hello leverages a PIN or biometric methods – such as fingerprint or facial recognition – to unlock cryptographic keys protected by the Trusted Platform Module (TPM).
For the realization and introduction of autonomous vehicles, the safe interaction of functions, systems and services as well as their monitoring over the entire product life cycle is essential. An exclusive security-by-design approach is no longer sufficient and must be continuously supported by feedback obtained from in-the-wild operation. This is where the recently successfully completed joint project BMBF UNCOVER comes into play, which targets the requirements of the standards ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) and ISO 21448 (Road vehicles – Safety of the intended functionality (SOTIF)).
are you curious about the agenda of the Active Directory- & Entra ID security track at TROOPERS24? Here’s a sneak peak of the already published tracks:
I was writing some challenges for PacketWars at TROOPERS22. One was intended to be a JWT key confusion challenge where the public key from an RSA JWT should be recovered and used to sign a symmetric JWT. For that, I was searching for a library vulnerable to JWT key confusion by default and found lua-resty-jwt. The original repository by SkyLothar is not maintained and different from the library that is installed with the LuaRocks package manager. The investigated library is a fork of the original repository, maintained by cdbattags in version 0.2.3 and was downloaded more than 4.8 million times according to LuaRocks.
While looking at the source code I found a way to circumvent authentication entirely.
At Troopers 2023, we gave a talk on how to attack DHL parcel tracking information based on OSINT. Since we previously had an exemplary disclosure process about this attack with DHL, Mr. Kiehne (from DHL) joined us to provide interesting background information and insights on how they addressed our findings.
The training Software-Defined Radio applied to security assessments was held by Sébastien Dudek at Troopers21 and was remotely organized – like most other events – due to Covid-19. Once we were all caffeinated, we had an exciting journey through basically all things radio.
Attackers are everywhere. They are now on the cloud too! Attacking the most popular cloud provider – AWS, requires the knowledge of how different services are setup, what defences do we need to bypass, what service attributes can be abused, where can information be leaked, how do I escalate privileges, what about monitoring solutions that may be present in the environment and so on! We try to answer these questions in our intense, hands-on scenario driven training on attacking and subsequently defending against the attacks on AWS.
As an attacker or defender, if you have ever asked any of the following questions, this training is for you:
Is there a process to attacking the cloud or do we go after the services as and when they are discovered?
Is SSRF the only vulnerability to access the metadata service on EC2?
How do I use stolen AWS secret keys to attack further?
How do I hide cover my tracks in AWS environment?
If I can’t see a service due to security group, can I still attack it?
How do I create better wordlists to discover and exploit S3 buckets that have uncommon names?
Can I impersonate other users within AWS?
Is there a way to extract secrets from AWS Lambda?
How do I prevent credential compromise in AWS?
How can I be sure there is no attacker already within my cloud infrastructure?
How do I enumerate and move between accounts that are part of AWS organisations?
Did you know that in the ever evolving field of Web and Desktop apps, it turns out these can all now be powered with JavaScript? You read that right: JavaScript is now used to power both web apps (Node.js) as well as Desktop apps (Electron). What could possibly go wrong?
So, the burning question is: how does this affect Web and Desktop app security? If you want to find out, come to our training and you will experience this in a 100% hands-on fashion! 🙂
You will learn about how to hack Web and Desktop apps, with a special focus in JavaScript attack vectors tailored for Node.js and Electron but also broader attack vectors that will also work against regular Web and Desktop apps.
What are the main attack vectors against Web and Desktop apps? How can apps defend against these? How do JavaScript frameworks change this? Come to find out!
Our workshop “TLS in the enterprise” was held for the first time at Troopers 2018 and was our special contribution to the IT Security world to increase the usage of TLS and point out the pitfalls, when switching to TLS.
But time is changing and TLS is a kind of standard nowadays, at least when looking at HTTPS, but there are still a lot of things to do regarding other protocols like
Jabber
LDAP
Telnet
SMTP, POP3 and IMAP
SIP and RTP
MySQL
Postgres
SSL based VPNs
just to name a few ;-). We will cover that in our training too, but the most important new stuff will be Post Quantum Security and how it will affect the future of encryption. We will talk about crypto algorithms and which of them can still be used in the future, we will talk about timelines and preparation (including the actual state of technology) like develop your master plan and we will try to clear up the myths regarding quantum computers to get your enterprise ready for the post quantum era :-).
Become aware that quantum computers will likely break most traditional public key crypto and every secret it protects. Examples for affected crypto: RSA, DH, ECC, ElGamal, PKI, digital certificates, digital signatures, VPNs, WiFi protection, smartcards, HSMs, crypto currencies, two factor authentication which relies on digital certificates (e.g. FIDO keys, Google security keys, etc.) and of course TLS.
And the quantum computers are not that far away, as the following timeline proves:
1998: first working quantum computer
2016: Google develops quantum computer
2017: D-Waves announces the commercial availability of the D-Wave 2000Q™ quantum computer
2017: IBM and Microsoft announces quantum computers
2018: several quantum microprocessors available
2019: likely over 100 quantum computers available
hmm, you are afraid now? No ;-)! You are curious? You got the point, it’s time to get prepared. The early bird catches the worm (which btw. is also true for getting your Troopers ticket and workshop seat 😉 ) the NSA said, and it moved to post-quantum in January 2016.
So to satisfy your curiosity, see you at our workshop “TLS in the enterprise” at Troopers 2020.